Obscurity | HackTheBox Writeup

Overview

Obscurity is a Medium Linux-based machine on HackTheBox.

User Part

Start with an nmap scan, which found 2 open ports.

Go to the website. From the webpage we identified a file, ‘SuperSecureServer.py’.

Try to find where it is located on the website using the WFUZZ tool; we found that it is inside the develop folder.

Go to the page, and we can see the Python file there.

By analyzing the code, I identified that the ‘exec()’ call contains the path variable, which is given by us.

It is using Python, so I searched for a Python reverse shell and found one from pentestmonkey.

Copy and paste it as the path after the host, and we got a shell.

I found that Robert is a user from ‘/etc/passwd’, so go to the ‘/home/robert/’ folder.

We can see some files and a Python script.
By reading ‘check.txt’ we identified that the key can be obtained from ‘out.txt’.
So we tried the Python script’s options and set the ‘key to use’ to the text which is in ‘check.txt’.

Now we have the key to decrypt ‘passwordreminder.txt’.
Execute the Python script with the key we just got, and
we get the password for the Robert user and log in as Robert.

We got the user flag.

Root Part

Now check what we can execute with sudo privileges; we found ‘BetterSSH.py’ in the BetterSSH folder.

From Robert’s directory, I found Robert has the privilege to modify the directory.
So I moved the current BetterSSH to BetterSSH_backup and created a BetterSSH folder.
And I added the BetterSSH.py file. In that file, I added code to get the bash shell.
Now execute the file with sudo permission, and we got the root user and the flag.
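
The root step works because the script allowed through sudo sits under a directory that Robert can modify. As an added example (not part of the original writeup or the machine's own code), this Python check walks a sudo-allowed script's path and reports every component that an untrusted user owns or can write to. The function name, the trusted uid set and the constructed directory layout are assumptions.

```python
import os
import stat
import tempfile

def audit_sudo_target(target, trusted_uids=frozenset({0}), stop_at="/"):
    """Return (path, reason) findings for the script and each directory above it.

    Anyone who owns or can write to a component can swap out what sudo runs.
    Assumption: any group or world write bit is treated as untrusted access.
    """
    findings = []
    current = os.path.realpath(target)
    stop_at = os.path.realpath(stop_at)
    while True:
        st = os.stat(current)
        if st.st_uid not in trusted_uids:
            findings.append((current, "owned by untrusted uid %d" % st.st_uid))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((current, "group- or world-writable"))
        parent = os.path.dirname(current)
        if current == stop_at or parent == current:
            break
        current = parent
    return findings

if __name__ == "__main__":
    # Constructed layout standing in for /home/robert/BetterSSH/BetterSSH.py.
    home = tempfile.mkdtemp()
    folder = os.path.join(home, "BetterSSH")
    os.mkdir(folder)
    script = os.path.join(folder, "BetterSSH.py")
    open(script, "w").close()
    # Only root (uid 0) is trusted here, so when this runs as a normal user
    # every component of the constructed path is reported.
    for path, reason in audit_sudo_target(script, stop_at=home):
        print(path + ": " + reason)
```

An empty result means every component from the script up to stop_at is owned by a trusted uid and has no group or world write bit.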
